Hi, we are using the SonarQube 8.3 developer ed. trial version to evaluate it use it in our CI environment using Jenkins. We are currently struggling to get the PR decoration / check to work in GitHub.
The actual comment on the PR is working and we can se that happening but the actual check does not as we expect. We have one warning that we can see in the UI shows a link to the PR and it works but also a warning:
" Pull request decoration did not happen. Commit ‘:commit_hash’ not found in pull request ‘:pr_number’"
We can see that the commit is there for the PR so we not sure about this warning.
We have followed the instructions for PR decoration in the documentation for 8.3 version and setup a GitHub app and that also seems to work since we see that the actual comment on the PR is there. But the actual check is not.
The scanner version we are using is 2.8.
Gradle version 5.6
We also setup the ALM in SonarQube as far as we can tell correctly and the logs does indicate that the integration is working half way at least.
Any suggestions on how to resolve this would be much appreciated.
Let me know if you need more information.
Hi, welcome to the community. This error often appears when the CI job is not fetching enough history (like a git shallow clone --depth 0), or when the CI job is working on a merge/rebase result, instead of the branch head. This is worth double-checking.
To be sure, you can add a git log command before in your CI job before the scanner runs, like : git log --pretty=oneline -n10
and investigate from there.
I have tried to remove any 'middle-man’s CI (we use Jenkins) and just run scanning locally to make it easier to investigate the problem, where I have checked out the branch that I have made the PR for. The scan reports to my locale SonarQube instance and is integrated with GitHub ALM.
So the steps I have taken to understand the issue
Run git clone --no depth
Run git checkout for the branch the PR was made for
Run gradle SonarQube with the necessary parameters
The scan completes and the local SQ reports the comment on the PR for the SHA (no checks-run)
I have also tried the SHA against GitHub api directly with ‘postman’ and successfully created the check with the api.
Is there any steps or procedure that I miss or misunderstand? Is there any other circumstances the actual check does not run